Explore advanced Clickjacking techniques and their powerful implications for web application security in this Black Hat EU 2010 conference talk. Delve into the evolution of Clickjacking attacks, moving beyond basic concepts to examine newly developed methods that challenge previous assumptions about the technique's limitations. Learn how these advanced Clickjacking strategies can bypass current CSRF protections, inject data into applications, and extract information from websites without user awareness. Discover cross-browser techniques and browser-specific vulnerabilities in Internet Explorer, Firefox, and Safari/Chrome that enable full control of web applications. Witness the demonstration of a new tool for creating multi-step Clickjacking attacks through visual selection of target elements, emphasizing the urgent need for improved defenses in both browsers and web applications.
Overview
Syllabus
Black Hat EU 2010 - Next Generation Clickjacking
Taught by
Black Hat